Goodware vs. Malware

In the world of security, you have number of tools to help you make difficult decisions – some built into your security stack and others available as free resources that can be found online. Today, I would like to discuss the latter. 

I will begin by presenting you with a problem. The decision you must make is based on the images below; more specifically, you must decide which .exe file is safe to run, and which one is not.

To generate these two images I used OPSWAT Metadefender, a free-to-use vulnerability-scanning tool which utilizes the decision engines of a vast majority of the antivirus (AV) tools on the market today.

As you can see in the screenshot below (Figure 1), the first file I uploaded is flagged 21/40. This number means that 21 AV engines on OPSWAT have marked this file as malware and the other 19 have marked it as ‘Goodware’ – making it ‘possibly’ unsafe to run. 

Here, we do not get a clear ‘Yes or No’ answer about the safety of this file. We must make our own decision about whether this program should be allowed to run in our environment. It’s not an optimal result, but it’s a result nonetheless and marginally better than taking a wild guess.

Figure 1: Unknown.exe File Rated ‘Possibly’ Unsafe by Metadefender

Given these results, I (along with most other security professionals) would decide NOT to let this run in my environment without further analysis.

Now, let’s take a look at the second example:

Figure 2: Unknown.exe File Rated as ‘Zero Threats Found’ by Metadefender

In this next example, we can see that all 40 available engines on OPSWAT have marked this file as “Not a Threat”. Looking at this result, you would probably feel comfortable letting (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Chris Stephen. Read the original post at: Cylance Blog